Re: [Libreboot-dev] C201 Chromebook (veyron_speedy) port and Chromium OS security model

[Paul Kocialkowski]

Since I've been asked countless times for a status update on the
Chromebook C201 port to Libreboot, here is a summary of what is going
on and what is planned for the future.

First off, the code to rebuild coreboot, depthcharge and vboot in libreboot is 
ready. This includes the scripts to download, patch, build and prepare each of 
those, in the right order. The process produces a RO image of coreboot that can 
be flashed to the first MiB of the SPI flash (the image won't try to jump to 
any of the coreboot stages that are stored on the RW part of the SPI flash, 
thus, it is completely standalone). This comes with an image containing a 
string of the libreboot version (to be stored on a dedicated fmap partition on 
the SPI flash). Most importantly, a script to ease the replacement of those 
images in a full SPI flash image is provided, along with a description of the 
partitions .

While the code is ready, installation instructions are still at a draft stage. 
Even though they have already been tested successfully on a brand new device, 
some parts still need some more attention. Suggestions about it are welcome 
(replying to this thread is just fine for this purpose).

The libreboot repo[0] with those changes is available at my personal git 
repository. Expect it to be rebased from time to time!

When installation instructions are done, it will be time to merge those changes 
with the main libreboot repository, start building release images for the C201 
(codename veyron_speedy) and update the documentation on the libreboot website!

However, there is still a lot more left to accomplish after that milestone. The 
current state of the code only replaces part of the SPI flash. In the long run, 
it would be nice to rebuild and replace each and every part of software that 
lives on the SPI flash. As described in an earlier email to the list, there are 
many things in there, thus a lot of work ahead.

The first challenge will be to replace the RW stages of coreboot. Those are 
signed with a private key and their signatures are checked before being 
executed. If we want to release full images that can be installed as-is (or 
nearly), those will have to be signed with some keys. Those can either be test 
keys that are publicly available, which voids the whole security model, or keys 
that are kept secret by the libreboot project, which implies that users trust 
the project and have a way to verify that images signed that way do in fact 
originate from libreboot. Of course, we want to encourage users to generate and 
use their own keys instead, which offers the best security guarantees (provided 
they keep the private keys, well, private)! Writing up documentation for this 
will also be greatly needed.

Another important step will be to rebuild and release the embedded controller 
firmware. It is not strictly related to libreboot, since it lives outside of 
the main processor. Still, it's good to have it integrated with the libreboot 
build process since it is all free software as well. This will also make it 
easier to modify and rebuild it, as early investigation shows that it is not 
trivial to rebuild at all. The embedded controller firmware and its hash are 
also stored on the SPI flash, so we need to release them too in order to 
release a full flash image. This is part of a process called EC software sync, 
that updates the RW firmware part of the EC internal memory with the firmware 
stored on the SPI flash when the hashes of the two firmwares mismatch. The EC 
also has a RO firmware that should be considered fail-safe. Of course, 
libreboot will also release a rebuilt free firmware for the RO EC firmware.

With all that achieved, it'll only be a few bits and pieces to include to 
produce a full image that can replace the whole SPI flash chip!

Stay tuned for more information on the port!


--Paul Kocialkowski, Replicant developer
Replicant is a fully free Android distribution running on several
devices, a free software mobile operating system putting the emphasis
on freedom and privacy/security.
Website: https://www.replicant.us/Blog: 
https://blog.replicant.us/Wiki/tracker/forums: https://redmine.replicant.us/

signature.asc
Description: This is a digitally signed message part